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REMARKS 

The present Amendment amends claims 1-16, and no claims are canceled or 
added. Therefore, the present application has pending claims 1-16. 
Information Disclosure Statement 

An Information Disclosure Statement (IDS) was filed on February 14, 2008. 
Although the Examiner returned a copy of Form PTO-1449, the Examiner did not 
initial the Ishibashi reference listed under "Other Documents" on the Form PTO- 
1449. Therefore, Applicants respectfully request the Examiner to initial the Ishibashi 
reference and return the enclosed copy of the Form PTO-1449 to indicate that the 
document has been considered. 
Claim Objections 

Claim 9 stands objected to due to informalities noted by the Examiner. 
Amendments were made to claim 9 to correct the informalities. Therefore, this 
objection is overcome and should be withdrawn. 
35 U.S.C. 5102 Rejections 
Claims 1-7 and 16 

Claims 1-7 and 16 stand rejected under 35 U.S.C. §1 02(e) as being 
anticipated by U. S. Patent Publication No. 2003/01 7471 8 to Sampath et al. 
("Sampath"). This rejection is traversed for the following reasons. Applicants submit 
that the features of the present invention as now more clearly recited in claims 1-7 
and 16 are not taught or suggested by Sampath whether taken individually or in 
combination any of the other references of record. Therefore, Applicants respectfully 
request the Examiner to reconsider and withdraw this rejection. 
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Amendments were made to the claims to more clearly describe features of the 
present invention. Specifically, amendments were made to the claims to more 
clearly recite that the present invention is directed to a network authentication 
apparatus, a network authentication system and a switch apparatus as recited, for 
example, in independent claims 1 and 1 6. 

The present invention, as recited in claim 1 , and a similarly recited in claim 16, 
provides a network authentication apparatus. The apparatus includes a network 
interface unit connected with a network and that transmits/receives a packet. The 
apparatus also includes a packet relay unit that relays a received packet in 
accordance with a destination address of the received packet. The apparatus further 
includes a filtering processing unit that determines whether to relay the received 
packet to the packet relay unit or discard the packet. The filtering processing unit 
determines whether to relay or discard in accordance with; (a) one or more of a 
destination MAC (Media Access Control) address and a destination IPv6 (Internet 
Protocol version 6) address and a source MAC address; and (b) a source IPv6 
interface ID, contained in the received packet. The prior art does not disclose all of 
these features. 

The above described features of the present invention, as now more clearly 
recited in the claims, are not taught or suggested by any of the references of record, 
particularly Sampath, whether taken individually or in combination with any of the 
other references of record. 

Sampath teaches a scalable packet filter for a network device. However, 
there is no teaching or suggestion in Sampath of the network authentication 
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apparatus, the network authentication system, or the switch apparatus as recited in 
claims 1 and 16 of the present invention. 

Sampath discloses a network device for network communications. The 
device includes at least one data port interface, where the at least one data port 
interface supports at least one data port transmitting and receiving data and a CPU 
interface, and where the CPU interface is configured to communicate with a CPU. 
The network device also includes a memory communicating with the at least one 
data port interface, a memory management unit, the memory management unit 
including a memory interface for communicating data from the at least one data port 
interface and the memory and a communication channel, the communication 
channel for communicating data and messaging information between the at least 
one data port interface, the CPU interface, the memory, and the memory 
management unit. The network device also includes a fast filtering processor, the 
fast filtering processor filtering packets coming into the at least one data port 
interface, and taking selective filter action on a particular packet of the packets 
based upon specified packet field values. The specified packet field values are 
obtained by applying a filter mask, obtained from a field table, to the particular packet 
and the selective filter action is obtained from a policy table based on the specified 
packet field values. 

One feature of the present invention, as recited in claim 1 , and as similarly 
recited in claim 16, includes a filtering processing unit that determines whether to 
relay the received packet to the packet relay unit or discard the packet in accordance 
with: one or more of a destination MAC (Media Access Control) address and a 
destination IPv6 (Internet Protocol version 6) address and a source MAC address; 
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and a source IPv6 interface ID, contained in the received packet. Sampath does not 
disclose this feature. 

For example, Sampath does not teach or suggest determining whether to 
relay or discard the packet in accordance with a source IPv6 interface ID, contained 
in the received packet, in the manner claimed. In the present invention, when a 
terminal device of a certain user moves and the network to be connected is changed, 
the terminal device newly receives distribution of an IP address from a DHCP 
(dynamic host configuration protocol) server, at the destination network. Therefore, 
the IP address of the terminal device would change when the terminal device moves. 
In some cases, the IP address cannot be used as a parameter of user authentication 
and filtering. It is an object of the present invention to solve this problem. It is 
another object of the present invention to secure both mobility and security, in a 
system where user authentication and filtering are performed (see, e.g., page 3, line 

23 to page 4, line 4). 

Accordingly, the present invention focuses on an interface ID, which is the 
lower 64 bits of an IPv6 address. This ID is an invariant ID even when the network 
to be connected is changed. One feature of the present invention is to use the 
interface ID as a parameter of user authentication and filtering. Thereby, the present 
invention has a great advantage that it is possible to secure both mobility and 
security in a system where user authentication and filtering are performed. 

Sampath relates to a network device that includes a filtering processor, which 
filters packets based on a MAC address and an IP address. However, Sampath is 
not directed to mobility of a terminal, as in the present invention. For example, as 
described in paragraphs [0051] and [0052], and Table 3, Sampath merely discloses 
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a source IP address in a field table. However, Sampath does not disclose an 
interface ID of a source IPv6 address (i.e., a source IPv6 interface ID). When the 
source IP address of Sampath is used for filtering, even if the address is an IPv6 
address, it is not possible to secure mobility because the source IP address includes 
a network ID (compare with Fig. 7 of the present invention). Sampath does not have 
the purpose or advantage of securing mobility, as in the present invention. 

Sampath also discloses a "User Defined 1 6 bit field" in Table 3. However, this 
is not the same as the 64 bit interface ID of the source IPv6 address of the present 
invention. Accordingly, it is clear that Sampath does not set the interface ID of the 
source IPv6 address in the field. Therefore, it follows that Sampath does not teach 
or suggest securing both mobility and security in a system where user authentication 
and filtering are performed, and is different from the present invention. 

Therefore, Sampath fails to teach or suggest "a filtering processing unit that 
determines whether to relav the receive d packet to the packet relay unit or discard 
the packet in accordance with: one or more of a destination MAC (Media Access 
Controh address and a destination IPv6 (Internet Protocol version 6) address and a 
source MAC address: and a source IPv 6 interface ID. contained in the received 
packet " as recited in claim 1 , and as similarly recited in claim 16. 

Therefore, Sampath does not teach or suggest the features of the present 
invention, as recited in claims 1-7 and 16. Accordingly, reconsideration and 
withdrawal of the 35 U.S.C. §1 02(e) rejection of claims 1-7 and 16 as being 
anticipated by Sampath are respectfully requested. 
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The remaining references of record have been studied. Applicants submit 
that they do not supply any of the deficiencies noted above with respect to the 
references used in the rejection of claims 1-7 and 16. 



Claims 1-8 and 11-16 

Claims 1-8 and 1 1-16 stand rejected under 35 U.S.C. §1 02(b) as being 
anticipated by U. S. Patent Publication No. 2002/0016858 to Sawada et al. 
("Sawada"). This rejection is traversed for the following reasons. Applicants submit 
that the features of the present invention as now more clearly recited in claims 1-8 
and 11-16 are not taught or suggested by Sawada, whether taken individually or in 
combination any of the other references of record. Therefore, Applicants respectfully 
request the Examiner to reconsider and withdraw this rejection. 

Amendments were made to the claims to more clearly describe features of the 
present invention. Specifically, amendments were made to the claims to more 
clearly recite that the present invention is directed to a network authentication 
apparatus, a network authentication system and a switch apparatus as recited, for 
example, in independent claims 1,11 and 16. 

The present invention, as recited in claim 1 , and as similarly recited in claims 
1 1 and 16, provides a network authentication apparatus. The apparatus includes a 
network interface unit connected with a network and that transmits/receives a 
packet. The apparatus also includes a packet relay unit that relays a received 
packet in accordance with a destination address of the received packet. The 
apparatus further includes a filtering processing unit that determines whether to relay 
the received packet to the packet relay unit or discard the packet. The filtering 
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processing unit determines whether to relay or discard in accordance with; (a) one or 
more of a destination MAC (Media Access Control) address and a destination IPv6 
(Internet Protocol version 6) address and a source MAC address; and (b) a source 
IPv6 interface ID, contained in the received packet. The prior art does not disclose 
all of these features. 

The above described features of the present invention, as now more clearly 
recited in the claims, are not taught or suggested by any of the references of record, 
particularly Sawada, whether taken individually or in combination with any of the 
other references of record. 

Sawada teaches a communication apparatus for routing or discarding a 
packet sent from a user terminal. However, there is no teaching or suggestion in 
Sawada of the network authentication apparatus, the network authentication system, 
or the switch apparatus as recited in claims 1 , 11 and 16 of the present invention. 

Sawada discloses a packet communications apparatus. The apparatus 
includes a plurality of network interfaces (NIFs), a learned address table, a packet 
forwarding unit (PFU) and a processor for directive packets to change state 
(PDPCS). The learned address table contains information for identifying a NIF 
through which to send a packet. The PFU selects a port through which to forward a 
packet by referring to the learned address table, according to the state of the NIFs, 
and forwards or discards a packet received from a user terminal. The PDPCS 
receives a packet including a directive to change the state of a specific NIF to one of 
the connected state, disconnected state and stateless. The PDPCS changes the 
state of the specific NIF to one of the connected state, disconnected state and 
stateless, according to the directive in the packet. 
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One feature of the present invention, as recited in claim 1 , and a similarly 
recited in claims 11 and 16, includes a filtering processing unit that determines 
whether to relay the received packet to the packet relay unit or discard the packet in 
accordance with: one or more of a destination MAC (Media Access Control) address 
and a destination IPv6 (Internet Protocol version 6) address and a source MAC 
address; and a source IPv6 interface ID, contained in the received packet. Sawada 
does not disclose this feature. 

For example, Sawada does not teach or suggest determining whether to relay 
or discard a packet in accordance with a source IPv6 interface ID, contained in the 
received packet, in the manner claimed. As previously discussed, the present 
invention focuses on an interface ID, which is the lower 64 bits of an IPv6 address. 
This ID is an invariant ID even when the network to be connected is changed. One 
feature of the present invention is to use the interface ID as a parameter of user 
authentication and filtering. Thereby, the present invention has a great advantage 
that it is possible to secure both mobility and security in a system where user 
authentication and filtering are performed. 

Sawada discloses a packet communication apparatus that performs an 
authentication and secures security based on a MAC address and an IP address. 
However, Sawada is not directed to the mobility of a terminal, and does not disclose 
using an interface ID of a source IPv6 address, as in the present invention. 

To support the assertion that Sawada teaches a source Ipv6 interface ID, the 
Examiner cites paragraphs [01 16] and [0139]. However, neither the cited text nor 
any other portion of the Sawada, teaches or suggests the claimed feature. For 
example, as described in paragraph [01 16], and as shown in Fig. 12, the filtering 
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table 1101 contains a destination address condition field 1201, a source address 
condition field 1202, and a forward/discard flag field 1203. In the destination address 
condition field 1201 and the source address condition field 1202, an IP address or 
data representing an "arbitrary" address is registered. There is no teaching or 
suggestion in Sawada that this IP address is a source IPv6 interface ID, as claimed. 

As described in paragraph [0139], and as shown in Fig. 17, the filtering table 
1607 contains entries in a MAC address field 1701 , an IP address field 1702, and a 
connection port field 1703. There is no teaching or suggestion of a source IPv6 
interface ID, in the manner claimed. 

Therefore, Sawada fails to teach or suggest "a filtering processing unit that 
determines whether to relay the receiv ed nacket to the packet relay unit or discard 
the packet in accordance with: one or more of a destination MAC (Media Access 
Control address and a destination IPv6 (Internet Protocol version 6) address and a 
source MAC address: and a source IPv6 interface I D. contained in the received 
packet" as recited in claim 1, and as similarly recited in claims 11 and 16. 

Therefore, Sawada does not teach or suggest the features of the present 
invention, as recited in claims 1-8 and 11-16. Accordingly, reconsideration and 
withdrawal of the 35 U.S.C. §102(b) rejection of claims 1-8 and 1 1-16 as being 
anticipated by Sawada are respectfully requested. 

The remaining references of record have been studied. Applicants submit 
that they do not supply any of the deficiencies noted above with respect to the 
references used in the rejection of claims 1-8 and 11-16. 

35 U.S.C. 6103 Rejections 
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Claims 8, 9 and 11-15 stand rejected under 35 U.S.C. §1 03(a) as being 
unpatentable over Sampath in view of U. S. Patent No. 6,442,588 to Clark et al. 
("Clark"). This rejection is traversed for the following reasons. Applicants submit 
that the features of the present invention, as now more clearly recited in claims 8, 9 
and 11-15, are not taught or suggested by Sampath or Clark, whether taken 
individually or in combination with each other in the manner suggested by the 
Examiner. Therefore, Applicants respectfully request the Examiner to reconsider 
and withdraw this rejection. 

Claims 8 and 9 are dependent on claim 1 . Therefore, Applicants submit that 
claims 8 and 9 are allowable for at least the same reasons as previously discussed 
regarding independent claim 1 . 

Regarding the remaining claims 11-15, amendments were made to the claims 
to more clearly describe features of the present invention. Specifically, amendments 
were made to the claims to more clearly recite that the present invention is directed 
to a network authentication system as recited, for example, in independent claim 1 1 . 

The present invention, as recited in claim 11, provides a network 
authentication system. The network authentication system includes an 
authentication server that receives an authentication request from an arbitrary 
information terminal device connected via a network and executing authentication 
based on predetermined information related to the arbitrary information terminal 
device. The network authentication system also includes a network node device 
connected to the network and that relays a packet received from the network. 
According to the present invention, the network node device includes a network 
interface unit connected with the network and that transmits/receives a packet, a 
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packet relay unit that relays a received packet in accordance with a destination 
address of the received packet, and a filtering processing unit that determines 
whether to relay the received packet to the packet relay unit or discard the packet. 
The filtering processing unit determines whether to relay or not in accordance with: 
(a) one or more of a destination MAC (Media Access Control) address and a 
destination IPv6 (Internet Protocol version 6) address and a source MAC address; 
and (b) a source IPv6 interface ID,_contained in the received packet, where the 
filtering processing unit relays only a packet addressed to the authentication server 
to the packet relay unit, of packets sent from an arbitrary information terminal device 
that is not authenticated by the authentication server. The prior art does not teach or 
suggest all of these features. 

The above described features of the present invention, as now more clearly 
recited in the claims, are not taught or suggested by any of the references of record. 
Specifically, the features are not taught or suggested by either Sampath or Clark, 
whether taken individually or in combination with each other. 

As previously discussed, Sampath teaches a scalable packet filter for a 
network device. However, there is no teaching or suggestion in Sampath of the 
network authentication system as recited in claim 1 1 of the present invention. 

One feature of the present invention, as recited in claim 1 1 , includes a filtering 
processing unit that determines whether to relay the received packet to the packet 
relay unit or discard the packet in accordance with: one or more of a destination 
MAC (Media Access Control) address and a destination IPv6 (Internet Protocol 
version 6) address and a source MAC address; and a source IPv6 interlace ID, 
contained in the received packet. Sampath does not disclose this feature. 
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For example, Sampath does not teach or suggest determining whether to 
relay or discard the packet in accordance with a source IPv6 interface ID, contained 
in the received packet, in the manner claimed. In the present invention, when a 
terminal device of a certain user moves and the network to be connected is changed, 
the terminal device newly receives distribution of an IP address from a DHCP 
(dynamic host configuration protocol) server, at the destination network. Therefore, 
the IP address of the terminal device would change when the terminal device moves. 
In some cases, the IP address cannot be used as a parameter of user authentication 
and filtering. It is an object of the present invention to solve this problem. It is 
another object of the present invention to secure both mobility and security, in a 
system where user authentication and filtering are performed (see, e.g., page 3, line 
23 to page 4, line 4). 

Accordingly, the present invention focuses on an interface ID, which is the 
lower 64 bits of an IPv6 address. This ID is an invariant ID even when the network 
to be connected is changed. One feature of the present invention is to use the 
interface ID as a parameter of user authentication and filtering. Thereby, the present 
invention has a great advantage that it is possible to secure both mobility and 
security in a system where user authentication and filtering are performed. 

Sampath relates to a network device that includes a filtering processor, which 
filters packets based on a MAC address and an IP address. However, Sampath is 
not directed to mobility of a terminal, as in the present invention. For example, as 
described in paragraphs [0051] and [0052], and Table 3, Sampath merely discloses 
a source IP address in a field table. However, Sampath does not disclose an 
interface ID of a source IPv6 address (i.e., a source IPv6 interface ID). When the 
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source IP address of Sampath is used for filtering, even if the address is an IPv6 
address, it is not possible to secure mobility because the source IP address includes 
a network ID (compare with Fig. 7 of the present invention). Sampath does not have 
the purpose or advantage of securing mobility, as in the present invention. 

Sampath also discloses a "User Defined 1 6 bit field" in Table 3. However, this 
is not the same as the 64 bit interface ID of the source IPv6 address of the present 
invention. Accordingly, it is clear that Sampath does not set the interface ID of the 
source IPv6 address in the field. Therefore, it follows that Sampath does not teach 
or suggest securing both mobility and security in a system where user authentication 
and filtering are performed, and is different from the present invention. 

Therefore, Sampath fails to teach or suggest "a filtering processing unit that 
determines whether to relay the received packet to the packet relay unit or discard 
the packet in accordance with: one or more of a destination MAC (Media Access 
Controh address and a destination IPv6 (Internet Protocol version 6) address and a 
source MAC address: and a source IPv6 interface I D contained in the received 

packet" as recited in claim 1 1 . 

The above noted deficiencies of Sampath are not supplied by any of the other 
references of record, namely Clark, whether taken individually or in combination with 
each other. Therefore, combining the teachings of Sampath and Clark in the manner 
suggested by the Examiner still fails to teach or suggest the features of the present 
invention as now more clearly recited in the claims. 

Clark teaches a method of administering a dynamic filtering firewall. 
However, there is no teaching or suggestion in Clark of the network authentication 
system as recited in claim 1 1 of the present invention. 
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Clark discloses a method of permitting a subscriber access to an online server 
complex operated by a particular online service provider (OSP). An IP 
communication request including a destination IP address and an origination IP 
address is received. The IP communication request is forwarded to a dynamic 
filtering firewall if the destination IP address corresponds to a service provided by the 
particular OSP. The origination IP address is compared with a table of stored 
authenticated IP addresses. The IP communication request is forwarded to the 
destination IP address if the origination IP address matches an IP address contained 
in the table. 

One feature of the present invention, as recited in claim 1 1 , includes a filtering 
processing unit that determines whether to relay the received packet to the packet 
relay unit or discard the packet in accordance with: one or more of a destination 
MAC (Media Access Control) address and a destination IPv6 (Internet Protocol 
version 6) address and a source MAC address; and a source IPv6 interface ID, 
contained in the received packet. Clark does not disclose this feature, and the 
Examiner does not rely upon Clark for teaching this feature. 

Therefore, Clark fails to teach or suggest "filtering processing unit that 
determines whether to relay the received packet to the packet relay unit or discard 
the packet in accordance with: one or more of a destination MAC (Media Access 
Control) address and a destination IPv6 (Internet Protocol version 6) address and a 
source MAC address; and a source IPv6 interface ID,_contained in the received 
packet" as recited in claim 1 1 . 

Both Sampath and Clark suffer from the same deficiencies, relative to the 
features of the present invention, as recited in the claims. Therefore, combining the 
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teachings of Sampath and Clark in the manner suggested by the Examiner does not 
render obvious the features of the present invention as now more clearly recited in 
the claims. Accordingly, reconsideration and withdrawal of the 35 U.S.C. §1 03(a) 
rejection of claims 8, 9 and 11-15 as being unpatentable over Sampath in view of 
Clark are respectfully requested. 

The remaining references of record have been studied. Applicants submit 
that they do not supply any of the deficiencies noted above with respect to the 
references used in the rejection of claims 8, 9 and 11-15. 

Claim 10 stands rejected under 35 U.S.C. §1 03(a) as being unpatentable over 
Sampath and further in view of U. S. Patent No. 7,051 ,365 to Bellovin. Claim 10 is 
dependent on claim 1. Therefore, claim 10 is allowable for at least the same 
reasons previously discussed regarding independent claim 1 . 

In view of the foregoing amendments and remarks, Applicants submit that 
claims 1-1 6 are in condition for allowance. Accordingly, early allowance of claims 1- 
16 is respectfully requested. 
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To the extent necessary, the Applicants petition for an extension of time under 
37 CFR 1 .136. Please charge any shortage in fees due in connection with the filing 
of this paper, including extension of time fees, or credit any overpayment of fees, to 
the deposit account of Mattingly, Stanger, Malur & Brundidge, P.C., Deposit Account 
No. 50-1417 (referencing Attorney Docket No. HAS-101). 



Respectfully submitted, 



MATTINGLY, STANGER, MALUR & BRUNDIDGE, P.O. 




Donna K. Mason 
Registration No. 45,962 



DKM/cmd 
(703) 684-1120 
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